An out-of-date WordPress site is an open door to hackers. If you want to keep your site from becoming a hive of viruses, trojan horses, and all sorts of other nastiness, read on.

Many times, when the Automattic team releases a new version of WordPress, it’s due chiefly to a security fix. You see this frequently in the third-level releases (eg from 3.3.1 to 3.3.2). This means they’ve discovered a vulnerability in the core WordPress code, and they’ve taken steps to fix it.

At MWD Web we’ve seen our fair share of clients who come to us in need of urgent help because their site has been hacked. Keeping your version of WordPress up to date is one of the smartest steps you can take to prevent that.

When you’re upgrading in the third-level decimal (again, as in the case of 3.3.1 to 3.3.2), you can generally get away with running the automatic update process. But, any time you upgrade the second-level decimal (say, from 3.2 to 3.3), and certainly the first-level decimal (2.9.2 to 3.0), you want to be sure you have a backup of your database and all your files.

If you don’t have a clue how to obtain said backups, or don’t want to bother with handling the upgrades, check out our Outsourced Webmaster package.

PS: Another tip for keeping your site secure is to not use ‘admin’ as the login name. This is the first thing hackers go after in a brute force password attack, and nine times out of ten there was an ‘admin’ user name involved!

image courtesy of opensource.com